Network outages and cyberattacks cause unplanned downtime. And most organizations are seeing dramatic growth both in data center traffic and the use of web-scale ready applications. These trends have resulted in an increased density of business-critical workloads driving requirements for high availability network designs that can handle workload mobility and business continuity.
To ensure highly available and continuous protection of network infrastructures, Palo Alto Networks Next-Generation Security Platform supports active/passive and active/active high availability deployment modes. Active/passive high availability remains the most commonly deployed method of stateful failover for three reasons:
- Active/passive (A/P) designs are simple to implement and maintain over a period of time.
- State information associated with all network flows is synchronized with no loss of connectivity between endpoints on either side of the next-generation firewall.
- With A/P high availability implementation, the passive unit can effectively handle the network load in case of active unit failure.
In certain networks requiring continuous protection and the ability to handle asymmetric traffic, or run active routing protocols on all firewalls within a high availability configuration, active/active high availability features can address those requirements.
Palo Alto Networks next-generation firewalls provide comprehensive high availability options with features such as sub-second stateful failover, link and path monitoring capabilities. Organizations have the flexibility to implement advanced high availability deployments in full mesh active/passive and active/active failover configurations. This provides customers with continued protection from network-based attacks and secures connectivity to meet today’s business requirements.
For more information, please visit: